Friday, June 13, 2014

Mozilla addresses seven flaws in Firefox 30

The Mozilla Firefox 30 browser does not include major new features, yet it does provide users with security fixes and some incremental updates. Released on June 10, Firefox 30 improves on the Firefox 29 browser, which debuted April 29 with the biggest user interface update for the open-source browser in years. Firefox 30.0 includes seven security advisories attached to the open-source browser release. As is common in nearly every Firefox release, one of the security advisories is identified as fixing "miscellaneous memory safety hazards." In the case of Firefox 30, only two memory hazards, CVE-2014-1533 and CVE-2014-1534, are patched. Firefox isn't the only Web browser that has to face the challenge of memory-related security vulnerabilities. As part of its June Patch Tuesday update, Microsoft patched the Internet Explorer browser for 54 memory-corruption vulnerabilities. In addition to the miscellaneous memory safety hazards, three of the Firefox security advisories deal with use-after-free memory vulnerabilities. <more>